Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a zero access virus per Member TwinHeadedEagle


  • This topic is locked This topic is locked
3 replies to this topic

#1 carlhelton

carlhelton

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 05 September 2013 - 01:09 PM

I was in another area and scans i made at the request of TwinHeadedEagle showed I have a zero access virus. I am not able to turn on the firewall as instructed in your prep guide.

I will send attach log 2 ways because, first it said to attach then i read to zip it up first.. I hope that is enough to get started? I disabled my virus software because I was working on something that it interfered with.

Here is DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.13.2
Run by Carl at 13:59:16 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.5803 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\WinTV\IR\Hcw2650Service.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\mmc.exe
C:\Windows\ehome\ehPrivJob.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [Advanced Uninstaller PRO] C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Carl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\errorlog.txt
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{70C2692C-1DB6-4E69-88E1-3EFB34861F3D} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R1 ArcSec;archlp;C:\Windows\System32\drivers\ArcSec.sys [2012-4-15 312184]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-14 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Hcw2650Service;Hauppauge DCR-2650 IR Service;C:\PROGRA~2\WinTV\IR\Hcw2650Service.exe [2013-9-5 177936]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-26 418376]
R2 mceBackup Service;mceBackup Service;C:\Program Files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe [2010-1-27 49664]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-3-28 32544]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-26 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-26 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-26 171928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 HcwMocurIR;Hauppauge WinTV DCR-2650 Consumer IR;C:\Windows\System32\drivers\HcwMocurIR.sys [2012-6-30 22288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-26 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-28 648808]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-26 701512]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-24 46136]
S3 LMHIDDriver;Windows Media Center Remote Control;C:\Windows\System32\drivers\LMHIDDriver_amd64.sys [2007-4-27 8960]
S3 PhilMAS64;ASUS MyCinema-EHD3100 service;C:\Windows\System32\drivers\PhilMAS64.sys [2012-3-26 1502384]
S3 PhilMAS64_48D71043;ASUS SAA7164/7163 service for 48D71043/48D81043;C:\Windows\System32\drivers\PhilMAS64_48D71043.sys [2012-3-25 1395176]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2012-3-28 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2012-3-28 32360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-25 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$MYMOVIES;SQL Server Agent (MYMOVIES);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-05 17:11:24 -------- d-----w- C:\ProgramData\Hauppauge
2013-09-05 17:11:21 -------- d-----w- C:\Program Files (x86)\WinTV
2013-09-05 05:17:32 -------- d-----w- C:\Users\Carl\AppData\Roaming\SpeedyPC Software
2013-09-05 05:17:32 -------- d-----w- C:\Users\Carl\AppData\Roaming\DriverCure
2013-09-05 05:17:24 -------- d-----w- C:\ProgramData\SpeedyPC Software
2013-09-05 03:23:45 -------- d-----w- C:\Program Files (x86)\The Digital Lifestyle.com
2013-09-04 17:09:31 -------- d-----w- C:\Users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2013-09-04 17:09:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-09-04 17:09:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-09-04 15:38:53 -------- d-----w- C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-04 15:12:56 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2013-08-26 20:29:49 -------- d-----w- C:\Users\Carl\AppData\Local\CrashDumps
2013-08-26 20:16:08 -------- d-----w- C:\Users\Carl\AppData\Local\NPE
2013-08-26 18:05:09 -------- d-----w- C:\Users\Carl\AppData\Roaming\AVG2013
2013-08-26 18:04:38 -------- d-----w- C:\Users\Carl\AppData\Roaming\TuneUp Software
2013-08-26 18:04:00 -------- d--h--w- C:\$AVG
2013-08-26 18:03:59 -------- d-----w- C:\ProgramData\AVG2013
2013-08-26 18:03:25 -------- d-----w- C:\Program Files (x86)\AVG
2013-08-26 18:00:56 -------- d--h--w- C:\ProgramData\Common Files
2013-08-26 18:00:56 -------- d-----w- C:\Users\Carl\AppData\Local\MFAData
2013-08-26 18:00:56 -------- d-----w- C:\Users\Carl\AppData\Local\Avg2013
2013-08-26 18:00:56 -------- d-----w- C:\ProgramData\MFAData
2013-08-26 16:00:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-08-26 15:59:19 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-08-26 15:59:16 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-26 14:47:57 -------- d-----w- C:\Program Files\Enigma Software Group
2013-08-26 14:47:14 -------- d-----w- C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-26 14:47:11 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-26 14:34:21 -------- d-----w- C:\Users\Carl\AppData\Roaming\Malwarebytes
2013-08-26 14:34:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-26 14:34:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-26 14:34:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 14:33:51 -------- d-----w- C:\Users\Carl\AppData\Local\Programs
2013-08-22 18:53:39 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-08-22 14:59:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M  ====================
.
2013-08-05 01:21:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-05 01:21:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-20 05:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 05:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 05:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 05:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-10 05:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-01 05:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 14:00:05.70 ===============

Attached Files


Edited by carlhelton, 05 September 2013 - 01:54 PM.


BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,309 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:42 AM

Posted 08 September 2013 - 04:50 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi


cXfZ4wS.png


#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,309 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:42 AM

Posted 12 September 2013 - 11:50 PM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.


Regards,
Georgi


cXfZ4wS.png


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,309 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:42 AM

Posted 18 September 2013 - 03:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

cXfZ4wS.png





5 user(s) are reading this topic

0 members, 5 guests, 0 anonymous users